Message-ID: <1493991983.7796.40.camel@edumazet-glaptop3.roam.corp.google.com>
Date: Fri, 05 May 2017 06:46:23 -0700
From: Eric Dumazet <eric.dumazet@...il.com>
To: Florian Westphal <fw@...len.de>
Cc: David Miller <davem@...emloft.net>, netdev <netdev@...r.kernel.org>, Yuchung Cheng <ycheng@...gle.com>
Subject: Re: [PATCH v2 net] tcp: randomize timestamps on syncookies

On Fri, 2017-05-05 at 11:36 +0200, Florian Westphal wrote:
> Eric Dumazet <eric.dumazet@...il.com> wrote:
> > From: Eric Dumazet <edumazet@...gle.com>
> >
> > Whole point of randomization was to hide server uptime, but an attacker
> > can simply start a syn flood and TCP generates 'old style' timestamps,
> > directly revealing server jiffies value.
> >
> > Also, TSval sent by the server to a particular remote address varies
> > depending on syncookies being sent or not, potentially triggering PAWS
> > drops for innocent clients.
> >
> > Let's implement proper randomization, including for SYNcookies.
> >
>
> Thanks a lot Eric, this works for me (I also tested ipv6 this time ;) )
>
> Minor nit:
> net/ipv4/tcp_ipv4.c:154:6: warning: unused variable 'seq' [-Wunused-variable]
>

Thanks Florian, I will remove this in v3, and add your tags.

> Other than this:
> Reviewed-by: Florian Westphal <fw@...len.de>
> Tested-by: Florian Westphal <fw@...len.de>
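
A simplified user-space model of the two problems named in the quoted commit message, added here as an illustration and not taken from the patch or the kernel. The mixer in `ts_offset()`, all function names and the sample addresses, secret and clock values are assumptions; `paws_ok()` is the signed serial-number comparison from RFC 7323, applied by a peer that remembers the last TSval it saw from the server.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in keyed mixer (assumption, not the kernel's hash): gives a stable
 * per-address-pair offset that is unpredictable without the secret. */
static uint32_t ts_offset(uint32_t saddr, uint32_t daddr, uint64_t secret)
{
    uint64_t x = secret ^ (((uint64_t)saddr << 32) | daddr);
    x ^= x >> 33; x *= 0xff51afd7ed558ccdULL;
    x ^= x >> 33; x *= 0xc4ceb9fe1a85ec53ULL;
    return (uint32_t)(x ^ (x >> 33));
}

/* Behaviour the commit message describes: under a SYN flood the syncookie
 * path sends the raw clock, other SYN-ACKs send clock + offset. */
static uint32_t tsval_old(uint32_t clock, uint32_t off, int syncookie)
{
    return syncookie ? clock : clock + off;
}

/* Randomization applied on both paths. */
static uint32_t tsval_fixed(uint32_t clock, uint32_t off, int syncookie)
{
    (void)syncookie;
    return clock + off;
}

/* PAWS-style check (RFC 7323): reject a TSval that moved backwards,
 * compared with signed 32-bit serial-number arithmetic. */
static int paws_ok(uint32_t last_tsval, uint32_t new_tsval)
{
    return (int32_t)(new_tsval - last_tsval) >= 0;
}

int main(void)
{
    /* Constructed sample values: 192.0.2.1 -> 198.51.100.7, made-up secret. */
    uint32_t off = ts_offset(0xC0000201u, 0xC6336407u, 0x0123456789abcdefULL);
    uint32_t t1 = 5000, t2 = 6000;   /* server clock ticks, t2 is later */

    printf("old:   cookie TSval=%u (clock=%u), paws_ok=%d\n",
           tsval_old(t2, off, 1), t2,
           paws_ok(tsval_old(t1, off, 0), tsval_old(t2, off, 1)));
    printf("fixed: cookie TSval=%u (clock=%u), paws_ok=%d\n",
           tsval_fixed(t2, off, 1), t2,
           paws_ok(tsval_fixed(t1, off, 0), tsval_fixed(t2, off, 1)));
    return 0;
}
```

In the old model the syncookie TSval equals the server clock and can fall behind the offset value the same peer saw earlier; with one offset on both paths the clock stays hidden and TSval only moves forward.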